Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-1209

Sentry does not block Hive's cross-schema table renames

    XMLWordPrintableJSON

    Details

      Description

      User Pete
      has read-write access to schema A
      has read-only access to schema B

      User Pete nevertheless was able to rename/move Hive table
      from schema A to schema B (where he has read-only access):

      use A;
      alter table table_a rename to B.table_a;

      Hive allows to use rename table syntax to move tables across schemas, not just rename.

      Sentry does not check security boundaries in this case.

        Attachments

        1. SENTRY-1209.006.patch
          14 kB
          Colin
        2. SENTRY-1209.005.patch
          11 kB
          Colin
        3. SENTRY-1209.004.patch
          11 kB
          Colin
        4. SENTRY-1209.003.patch
          9 kB
          Colin
        5. SENTRY-1209.002.patch
          9 kB
          Colin
        6. SENTRY-1209.001.patch
          7 kB
          Colin

          Issue Links

            Activity

              People

              • Assignee:
                colin Colin
                Reporter:
                Tagar Ruslan Dautkhanov
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: